
WORLD INTELLECTUAL PROPERTY ORGANIZATION 
pprr. WORLU,rucl tatcroational Bureau 

intematiooal Publication Number. TTV/ 



(51) International Patent Classification 7 : 
H04N 1/44, 7/1^7 



Al 



(43) 



International Publication Date: 



2 June 2000 (02.06.00) 



{21) Internationa! Application N-ber: FCIWWW106 
(22) internal >», ^ .7 November 1999 07.11.99) 



(30) Priority Data: 
1 9803979-5 



20 November 1998 (20.1 158) SE 

» r ». TELEFONAIOTEBOLAGET LM ERICSSON 

t a TvrnfTT Mflonus- Varvagen 10, S-194 60 Up?- 
S-133 43 Saltsjobaden (SE). 

I (74) Agents: SANDSTROM. Staffan aU Be^riWe & LM 
I V ' ^7 a u ab. Box 17704. S-l 18 93 Stockholm (SE). 



SFff £ 5 M. U ™£ European patent (AT. BE. 
X CY DE. l£ ES H. FR, GB, OR. IB, FT, LU, MC 
St g'SS&I patent (BP. BJ CF, CG. CI, CM. OK. 
ON. GW. ML, MR, NE, SN, TO, TG). 



Published 

With international search report. 

BeforelLT^iration of the time Umtt for amending the 
c uZ Z 7be republished in the even, of the recept of 
amendments. 



I (57) Abstract 



101 ? 

I Open 
Section 


Encrypted ^ 
Section 1 


Encrypted j 
Section 2 J 






4 



)ecryption 
vtethod 1 



v 109 



In a method and a de- 
vice for partial encryption and 
progressive transmission of im- 
^ a first section of the un- 
a|e file is compressed at reduced 

quality without (lecrypnon and 
a second section of the image 
file is encrypted. Users having 
l^toapprepriatedeaypuon 

keywords can decrypt this sec- 
ond section. The first section 
together with the decrypted sec- 
S section can then be' «cwed 
I as a ftill quality image. The stor- 
age space required for stonng the 
? re tan4 section togeAerises- 
sentially the same as the stor 
| ate space required for stonng 
fte unencrypted full quahty rm- 
aee By using the method and 
device as described herein stor- 
age and bandwidth requirements 
| foV partially encrypted images is 
j reduced. Furthermore, object 
' based composition and process- 
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A METHOD AND A DEVICE FOR ENCRYPTION OF IMAGES 

TECHNICAL FIELD ^ device fQr 

The present invention relates to * 
encrypting images. 

L -s^tU and storing secret info-ation ^ 
important "ne available to a user paying for 

^^r r seTraf encrypting digital 

the - £oIMt ^^ M S e 6 sucb Betho ds ca n also be applied also 

triple DBS and the public-key RSA method. 

„»„ be stored on servers and distributed over a 
Digital images can be stored o ^ ^ ^ 

telecommunication network as dxgxtal ^ „ a CD . S0H . 

be distributed using a control that suits 
Service provide^ nee d^ o est ablrs^ ^ ^ „ 

their business model . In this fco 
o££ er partial access to one set of user ^ ^ ^ 

rr-Llrrto pTvent all users from having full access 
to all image data. 

be offered for sale on the Internet. 
News photographs can e.g. - cust0 mers to dovmload a 

Tne service provider wants to ^ eva iuation. 
version of. the image with reduced service and 

i *v,»fc want to publish an image, pay tor 
journals, that want t * quality image, 

are then allowed to download a full qu 

- ■ ~z T2z=z~ 

Md download bit rates. M «»g P ^ ^ ^ given 

^t to distribute images on ^ vieu che lMg es at a 

eway or sold for a low pnca. Cu ^ ^ fuU 

c - - ~« - ° ttM is possible ' 
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It is also essential that customers always can access images 
X Set friendly, standardised software, xmage prefers are 
Octant to design and support special image viewer and 
customers don' t want a proliferation of viewing tools . 

Presently, image providers have to ™ ^ 

i^ges stored. The full duality versio » ».•"«* ""^ 
r .a imaae file. This means that the image first is 
Tompfe sed^d a red in a compressed file format such as a» 
^ Se compressed file is then encrypted using a suitable 
encryption toofand an encrypted image file is stored The user 
Tstlirst decrypt this file and then access 
compressed image file using an i^-age viewing tool Reduced 
ou^ity images are produced by processing the full quality 
CI in an image editing program. They are stored as separate 
compressed image files. 

versions of the same^ g^ ^ case o£ 

versions must also be t ^ ^ ^ see the £ree 

remote access in the case a resolution 
low resolution image before paying for the full 

version. 

lts in a significant disadvantage if the reduced 
^is results in a sign ^ ^ 

version image conta, , a ^ fQr gale to journal s would 

^formation. Images that are^ good 

in particular * ; - -r;i detailed understanding of 

since journal editors wan higb est quality for 

the image content and accepts £*^J» 10 . 50% of the 

printing. The reduced quality imag 

storage space of the full quality image. 

which is aescri includes many new 

verification Model version 2^0 in ^.^ 

£m ctionalities in «-^~ . -thods for creating a 

SUBSTTTUTE SHEET (RULE 25) 
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can select a suitable progression mode . f^f/ 

•«,<„ imaoes can be accessed separately m Che JPEG 2000 
I ™ ana progressive transmission oan be applied also to 
^Icts m 0^3 aooo there is also support for independently 
decodable coding units. 

XtTL object of the present invention to overcome the 
m .m a as outlined above and in particular to reduce the 

^ ^ired for storing an image, which partially 
ZTl. be possible to view, and also to reduce transmission time 

transmission scheme transmitting partially encrypted 
images. 

Tctfo r: S STTu- can be depressed at reduced quality 
"thout decryption, i.e. the first low guality * ~ 
encrypted, and where a second section of the image file 
encrypted . 

Th us. users having^ , to ^^^^ Z 
decrypt this second section. The f y 
decrypted second section can hen b vie ^ ^ ^ 

image. The storage space reguir ^ ^ 

section together is ^^^JZl, ^ity image. The 
r ^ired storm ^he ~™ depend ing on the 

"crypt"" metnod. *V • ' 

snared to the unencrypted second, section . 
section comparea 

, h„ partitioned into multiple sections where 
*• image can also be *«"^\ indivi dual encryption 

each section may be be stored ^encrypted, 

method and Keyword. S- sections^ m^y ^ 
fin important element of the method ^ o£ 

- h erein is that the compressed images con ^ 
in dependently decodable coding un i t s CO • 
possible to perform --B^J^ . 
domain without performing entropy 

SUBSTTTOTE SHEET (RULE 26) 
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» reduced guality i*age can be produced according to several 
different main schemes, such as: 

1) Reduced resolution «..*.«, 

2) Reduced accuracy or the transfer, coefficients^ 
3, Exclusion of predefined regions of interest (ROD 

These methods can be r^J^^J^Z^ 
e.g. produced by reducing both the resolution 
of the transform coefficients. 

• ™h tn store two different versxons of an 

Thus, there is no need to store two differ ent quality 

• * vr forenr users are to have access to different gudxxuy 
iffi age if different ««« transmissio n times become much 

of the one and same image. Also tr resolut ion, 
lo wer if the information content of £ r resolution 

i^age data can be reused when transmitting the highe 

image data. 

— ^ m °\°LZ "be described in »ore detail and 
The present invention will now u Mh ich- 
Tth reference to tbe acco^anying drawings, m whrch. 



„c rhe file structure of an image. 
. pig. 1 is a general view of the according to 

Figs 2a and 2b shows encryption of m>ages 

^iH i°s°a "hart illustrating so n e steps carried out 
Tig^TstdirgrlTIuustrating a client server process. 
- Fig'. 5 is a view of an encryption header 

DETAILED DESCRIPTION ■ structure of an original, 

In Fig. 1. a general view of the file a „ tile 

high resolution. ^/^^Tnoipendently decodable coding 
consists of a number of <^« e "" £lle structure shown in Fig. 
sections 101, 103 and 10- In ^ file ^ rf . ^ 

the ^d wit^ut encryption and will therefore 

resolution image, is coae 
be possible to decode by any receiver. 

substitute sheet (rule 25) 
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tiQ n 103 which comprises data, which combined with the 
The section ™* reso lution version of 

da ta of sect.cn 101, «~ lt encrypte d using a first encryption 

IS^^T* - the data stored iG the 

section 103 • 

• ~~ j a f a which combined with the 
_ . ^ n ns which comprises data, wmun 

TJl « n lO^and 1.3 *» * £ ^ resoXu t io» - 1M 

ot the high resolution inage. is encrypted using a second 
or the n g receivers having access to the 

S£ ::r:tut «, «--. - «. stored ta «. 

section 105- 

^s, decoding of the section ^"ding o £ the 

resolution i^ge ver^ 0,.^^ ^ ^ ^ 

section 103 will, com" Decryption 113 and 

mm -resolution image 111. ueci ii n " t 

101 r^of^: Tec ronToS "ill. coined ■** the i^ge data 
"e section: "I and 103 result in a full resolution i^ge 
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.„e. mentation in * *- J ^ B 
R0 , S ee Charilaos ^ ^ ^ o£ the 

r«^-i * <— - che -r* s ° that a 

range of progressive *odes can he supported. 

2 0 a coding unit is a part of 
tt JPEG 2000 verification .nodel 2£ ^ ^ ^ 

t he bitstrea* can be described as any 

subband. in general, a coding formation. The general 

^ependently ^^^T^ is to include, so 

r^r^specifies :r: --:ru * 

Efficient to specify the ~bban Lsinc ^ ^ ^ ^ ^ 

known, . several specif IS « che bits th et 

cefines a default coding unit orde th 
are needed for inserting explicit tags. 
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In Figs. 2a and 2!= bloc, diagram describing how encryption can 
be implemented in the JPEG 2000 encoder and decoder 
respectively, are shown. 

Thus in Fig 2a a block diagram where encryption is performed 
Thns, xn Fxg encoder is shown. Coding units enter 

after entropy codxng xn the en ^ ^ 

rtrrrrpy - — — -sr. 

output from the bloc, to a seleoto^oh . 

suitable encryptxon method for each entropy 

some coding units can be selected to not be encrypted at all. 

in response to the selection made in the selector 2 03 the 
entropy coded coding units are encrypted in a bloc, 205. The 
ScryPted coding units together with the not encrypted codxng 
uuitTthen form a combined output data stream whxch can be 
stored or transmitted. 

• • ov, * decoder for decoding the bit stream generated by 
in Fxg. 2b a decoder tor a s encrypted and not 

, or . iT1 FiCT 2 a is shown. Thus, fxrst encrypt 
^coding units enter th. . deooder^ia a selector,!. 

encrypted it is directly transmitted to a bloc, 

In tesponse to the selection made in the ^^[^ . 
entropy coded coding units are ^ are 

suitable decryption algorxthm. Th cod . ^ 
then fed to the bloc, 255. In the bloc, 255 deotypti on 
£r om fed directly from the selector ™£ , COBbined 

bloc, 253 are entropy «~^^V The dtta strea* which is fed 
output data stream corresponding to the data 
to the entropy coding bloc, 201 xn Fxg. 2a. 

E ach coding ^ \^TTZ^Z encry^dtloc,. 
Figs . 2a and 2b xs handled as an^ P ^ ^ ^ ^ 

Bach coding unit can also be encryp ^ ^ ^ ^ 

T r^rtxt: dxxferent encryption methods. The 
can be encrypt ea wauu. 

SUBSTITUTE SHEET (RULE 26) 
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, hnd used C an further be aa encryption algorithm 
encryption method used can generati ng keywords, 

combined with a keyword or a metnoa i a 

n . ffprent encryption methods can in such an embodiment have 

• ,-4«n fEMD) as shown in Figs. 2a and 2b is any gj.« 

Specify the Encryption Method. Unit Encryption State H » 
l ay^ol that for each coding unit defines how it xs encrypted. 

pl - 3 a flow chart illustrating different steps carried out 
^ encrypting an i*age are shown. Eirst. i n a s«p ,0 X ^ 
i^age to be partially encrypted is received. The rn>age recei 
Tstep 301 is then ceded using a coding algorithm generating 
^eplndently decodahle coding units, e.g. ^ =000. in a step 



303. 



n f rhe coding units of the image coded 

can he set in ^^C^., higher order 

oh ose to have coding units =rf coding mits 

and the coding units 
single bit stream. 

wn en transmitting an ^ enc ^ & client . 

described in conjunction with Fig- 3 ^ ^ 

401 is connected to a server 403 The c i ^ ^ 
a request towards the server 403 for a p 



405. 



The server ,03 replies by transiting the. - «- 

im age which are not encrypted now will haV e 

coding units can be decoded by the cl ^ 
ac =ess to a low -solution version or a P ar^ ^ ^ ^ % 

rit.cr^ « - — « - - 

SUBSTITUTE SHEET (RULE 26) 



PCT/SE99/02106 

WO 00/31964 

8 

client transmits a request to the server requesting such 
information, step 409- 

The server replies by sending a request to the client requesting 
the client to agree to the conditions for transmitting the 
nigher resolution version of the image, step 411. If the client 
agrees via a message 413. e.g. comprising a card number or 
account number from which to bill the cost for the image the 

server sends the encrypted coding units together with a Key word 
by n eans of which the encrypted coding units can be decrypted. 

step 415. A secure method for key distribution should be used. 

H^les of such secure methods are described in W. Stalling* 

•Data and computer Communications-, p 635 -637. Prentice-Hall. 

1997 fifth edition ISBH 0-13-571274-2. 

If the client already has access to the unencrypted and 
encrypted coding units, for example if he has purchased a CD-ROM 
TtTimages coded as described herein. The schemes described 
in conjunction can be modified so that no image data is 

transmitted. Instead the ^^^l^ZTZ^J 
the server in order to have access to the key wor i 
required to decrypt the encrypted coding units of the CD 

In the case when the method and device as described herein is ^ 
u sed when encoding 7Z not standardise 

is advantageous if the ^ Header that is included in the 

^T^7TT^ZyZ Encryption Tag that is merged with 
^ 2000 Tags can instead be used to specify how coding 
units are decrypted. 

m such an embodiment the uPEG 2000 image header contains an 
In S pr. is then set if any coding unit is 

^rtf; TJ^Z Headrr C» should -n be appended to 

^header and encryption information can 
optionally be merged into JPEG 2000 Tags. 

In Fig 5 an encryption header is shown. The Encryption Hsader 
can in such an embodiment contain the following symbols. 

SUBSTITUTE SHEET (RULE 26) 
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1) Encryption Mode (EM) . A set of standard encryption modes are . 
defined e.g. 

a) One encryption, method is used for all coding units 

b Bitplanes of less significance than bitplane X are encrypted 

c) subbands of higher resolution than Y are encrypted 

d) ROIs specified in are encrypted, etc. 

• f „™ a Hnn need to included in the Tags if an EM 
No encryption information neea to 

is defined. 

2) Encryption Mode Parameters (BMP). Parameters (X, Y, ...) that 
are used to define the Encryption Mode are set here. 

3) Number of encryption methods used. Several encryption methods 
can be used within the same image if e.g. different user groups 
should be allowed to see different image content. 

4) one Encryption Method Descriptor (EMD) for each encryption 
raethod The EMD defines any data that is needed by the 

each encryption method. This numc 

„ The bitstream -t -r each ««^^V-tl^ one 
encrypted and if so by what method. This is done y 
encrypt: coding These 

Onit «»™« ^ Ho lecTed in the encryption header or 
symbols could either be c bitstrea m as encryption 

alternatively be distributed in the bi ^ header we 

Tf ^hes information is kept m the encryp 
tags. If the UES inrom consists of 

derine a header element - -ate «S> ^ ^ ^ ^ 

a series o£ OES symbols that are us 
coding units appears in the bit stream. 

IF EF is set and the Encryption Stete is not given in the 

SUBSTITUTE SHEET (RULE 26) 
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™ w r 7 000 Taqs can be expanded to contain Unit 
"^iolstat (^S s^ls. OES defines which encryption 
STtL is used *. encrypting the next codxng 

unit. 

r s -::r;™L e ^ h^ «. «. « - 

encryption. 

vo«. is that the shape of the RDI might reveal the 
The main problem xs that the p howe ver, difficult 

content. If the shapes are encrypted xt xs, howe , 
to show a reduced quality image since xt xs dxff xcult to 
interpret the coded transform coefficients. 

shape ( =-shape . Thus t c _ ^ dMigned to 

:m r:::r^: J, * — — - • 

shape is a bounding box. 

stream. The =-shape xs coded vrth verifica tion Model 

Charilaos christopoulos J*^/ as descr ibed therein 

header. 

0 _ . haDe and the transform 
X aasK is created the -shape ^ 

coefficients beXongmg to the c s P ^ ^ 

U sing the method as descried ^ are shie xded 

all coefficient. ^ texture o£ the aols is thus 

by the c-shape are encrypted. Tne 
protected by encryption. 

T be shape of the ^ZZ^^^ ™ 
encryption the corresponding c-shape. 

Z - unencrypted background. The c- 

SUBSTITUTE SHEET (RULE 25) 
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v. , iml ,ved as a blank region. The original ROIs can 
stepe can b. di.pl ayedae a ^ ^ ^ decrypCing 

"aTo^L i^Wng «o the c-shape. The shape of each ROI 
: ^ : tne c-shape is also deeded. The bitstream oan 

m rrsrrrr -s ta 

done in the compressed domain . 

v ^ ha t is used for encoding a ROI is not uniquely defined 
The mask that is useu j.ui „ t-"h^ pot 

in JPEG 2000. A mask that is sufficiently large so that the ROI 

!Led lossless will often cover the whole lower snbbands. A 
irtht: is not allowed to expand will lead to a lossy encoding 
"tha^ol. The masks belonging to different ROIs or to a ROI 
aL tne background cau be designed to overlap. This means that 
som e coefficients are encoded in more than one ROI. Such^ 

•11 i„d to a reduced overall compression but the kois 
r mo P r. iudepeTde:: so that any ROI can be accessed and decoded 
with a good visual result. 

-i_ * pots described herein is not 

.he partial encryption -f^J^^ «- —< iS 
aependent of the ^"^Tot ^/reconstructed from the 

rLrour^.r^ofo verification Model version ,0. 

By nsing the method and device „ J-^^^T ^ 
ba ndwidth requirements for ^f^^on „ d processing o« 
reduced, ^rthermore, object based co P ^ ^ 
-rypted o^ects are fac ^ n and the origi nal 

Mot her advantage is ^^V^^^ 
performed at the same time « e , donain (at t he 

U» process takes place ^ * ^ ^ ^ without 
bitstream syntax) P £ormed just before 

encryption. The —"^'"J^ (craM coder, . In this case, 
transmitting the image by a parser 

SUBSTITUTE SHEET (RULE 26) 
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,. a w^T-ate which will be the case 

l^r. - - Lotion — i. — «- 

transmitting it. 
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CLAIMS 



X. A methpd of partially encrypting image data comprising the 
T7al£^ ^ -ata using an encoding algorithm generating 

I ^1 which are not encrypted with coding units 
which are encrypted into a combined bitstraam. 

...„«.„ claim ! characterized in that the not 

-> a method according to claim ±, . _ 

units correspond to a Xo„ resoiutron version - 



the image data* 



methods - 



* ^ a ^c 1 - 3 characterized in 
4 . A »etW aocordi* T « any J' =oding ^ u 

that an encryption flag, 

encrypted, is inserted in the bit stream. 

• ~ i a when information 
.. k net^ acco^ « - . ^ ^ 

enclosed in a cloaking shape. 

6 A device for partiai encryption of i»a,e data cbaracterisad 

one of tbe coding -"^T^ WQich «. not encrypted wit* 
. mKM for merguo c ^ ln *™L. as a CODbi ned bitstrean. 
coding units wnich are encrypted as 

. .. „,„<- 6 characterized bj Beans for 
L^rTS^-i- units as units corresponding 
selecting ^ image data, 

to a low resolution version of the ,mag 
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3.. i aevice accord to « - ^^.^H^ ^ 
-means for-tmcrjptins cU.Mer.nt °°<i">9 ™ lts USin9 
coding methods. 

* « 1a ^ e 6-8. characterized by 

coain, unit is enacted . in the bit stream. 

* ~i=^ m« 6 - 9. characterized by 
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